Amazon CloudFront Extensions

Amazon CloudFront Extensions is an extension for using CloudFront. CloudFront Extensions includes rich set of featured Lambda@Edge, CloudFront Functions, CDK templates for various user scenarios and an out-of-box monitoring solution.

What is CloudFrontExt

One stop to find Lambda@Edge and CloudFront Function for different use cases

CloudFront Extensions offers production level Lambda@Edge and CloudFront Function for common CloudFront use cases, such as redirect, authentication, pre-warm etc.


NameDescriptionDeployment TypeDeploy
Authentication by CognitoIntegrate with Cognito to provide authentication service.(Workshop)SAR, SAMDeploy
Adding security headerAdd security header into response after successful authentication, this function will add ‘strict-transport-security’ to force browser using HTTPS.SAR, SAMDeploy
Serving Content Based on Device TypeRedirect to the different version of an object based on the type of device that the user is using.(Workshop)SAR, SAMDeploy
Cross Origin Resource SharingSupport CORS(Cross Origin Resource Sharing) by Lambda@Edge.SAR, SAMDeploy
Modify response status codeModify response status code to specific code, such as 200 to 206, based on configured parameter.SAR, SAMDeploy
Modify response headerModify response header as per configuration.SAR, SAM, CDKDeploy
Access origin by weight rateForward request to multiple origin regarding to pre-configured weight for each origin.SAR, SAMDeploy
Failover to alternative originFailover to alternative IP from pre-configured list, return from success IP otherwise retry until last one.SAR, SAM, CDKDeploy
Support 302 from originProcess 302 response from origin, then access the redirected URL and return the response.SAR, SAM, CDKDeploy
Pre-warmThis Lambda will prewarm static content in specific pop.SAR, SAMDeploy
Resize pictureResize pictures on the fly according to dimensions passed by the query parameter.SAR, SAMDeploy
Anti-hotlinkingProtect against hotlinking, users need to specify a referer allow list which supports wild card, the request is rejected if the referer is not in the allow list.SAR, SAM, CDKDeploy
Standardize query stringStandardize the query string before CloudFront forwards requests to your origin, so that improve the cache hit ratio.SAR, SAM, CDKDeploy
OAuth2 AuthenticationAuthentication with OAuth2.CDK-
Authentication with AliYunThis solution provided by Goclouds Data is designed to achieve ALIYUN CDN authentication.SAR, SAMDeploy
Default Directory Index for Amazon S3 Originre-write the request so that CloudFront requests a default index object (index.html in this case) for any request URI that ends in ‘/’. Use caseCDK-
Rewrite host for Custom OriginRewrite host for custom originSARDeploy
Redirect URL by GeolocationForward request to the nearest PoP as per geolocation. It will return the location to client for 302 forwarding.CDK-
Convert query stringConvert the query string to key & value pairs and add into header.CDK-
Serverless load balancerThe serverless load balance solution will load balance for your origin via Lambda@Edge which is deployed on CloudFront origin request.SAR, SAMDeploy
Access origin by geolocationForward request to the nearest PoP as per geolocation. It will access the location from Edge location.CDK-
Custom Error PageDefine a custom error page with a specific status code from the origin response. Use caseCDK-
Global Data IngestionPipeline custom log to backend data ingestion service like Amazon Kinesis Firehose. Use caseCDK-
Custom Response with New URLReplace the response content with a new content. For example, replace the url “” to “” in the response.SAR, SAMDeploy

CloudFront Function

Add Security HeadersAdd several response headers to enable web browsers security features.Deploy
Cross Origin Resource SharingSupport CORS(Cross Origin Resource Sharing) by CloudFront Function.Deploy
Add Cache Control HeadersAdd a Cache-Control header for the browser so that content can be cached locally in the browser.Deploy
Add Origin HeadersAdd an Origin header if it is not present in the incoming request. The Origin header is part of Cross-Origin Resource Sharing (CORS), a mechanism using HTTP headers to tell browsers to give a web application running at one origin access to selected resources from a different origin.Deploy
Add True Client IP HeadersAdd a True-Client-IP header to include the IP address of a client connecting to CloudFront. Without this header, connections from CloudFront to your origin contain the IP address of the CloudFront server making the request to your origin, not the IP address of the client connected to CloudFront.Deploy
Redirect Based on CountryRedirect a user to a country-specific version of a site based on the country of the user.Deploy
Default Dir IndexAppend index.html to the end of URLs that don’t include a filename or extension.Deploy
Verify Json Web TokenValidate a JSON Web Token (JWT) in the query string of the incoming request.Deploy
Customize Request HostReplaces host with the value in header awscustomhost.Deploy

One-Click to deploy commonly used CloudFront solutions

CloudFront Extensions offers common solutions for using CloudFront, such as Shield&WAF Deployment for CloudFront. The solutions are provided in pre-baked CloudFormation/CDK templates. Customers can have solution launched into their own AWS consoles with a few clicks.

Out-of-box experience when integrating with external monitoring system

The fact that metrics and events are retrieved from different AWS services (for example, events are from Evert Bridge, access logs are from s3, etc.), make it a big challenge for improvement of monitor experience when using CloudFront. Customers have wanted to a universal place to handle those logs/events with generic monitoring capability. CloudFront Extensions has provided out-of-box monitoring solution to enhance the overall observability and simplify the integration of CloudFront and customers’ existing monitoring system.